HSE/Department of Health Hack

rettucs

Well-Known Member
Supporter
Joined
Apr 18, 2006
Messages
23,495
Solutions
2
Location
Post of the week winner: 22nd March, 2013
oh, agreed. i work for a company which gets nation state level attention so a lot of our security guys are shit hot. but we're spread across the world, which means there's always going to be rogue systems unpatched and forgotten about knocking around the place.
i'm responsible for the AV on approx 120k systems but thankfully i'm not on the incident management side of cyber security (means i don't get woken at 2am over an incident). it's more my job to worry about a duff IPS engine update bluescreening systems than it is to worry about what the software is actually detecting.
I am on the incident response team in my place. Well, we were a small startup (bigger now), so we were responsible for everything.

I remember going to the 2019 all-ireland final and getting paged while I was in the Ilac Center, about to head to Croke Park. Thankfully someone covered for me, but talk about poxy timing.

Incidentally, that alert was triggered by an ssh attack from a 'known rogue actor', and was interpreted by our system as an attempted data exfiltration attack. Basically, an 'ssh' to a Linux system caused a reverse DNS lookup of the source of the ssh attempt. A DNS lookup of a 'known rogue actor' triggers the highest severity security alert, even though it's totally a false alarm. Still reassuring to know all the same.
 

magicbastarder

Well-Known Member
Joined
Sep 14, 2006
Messages
8,424
Website
stroma.org
I remember going to the 2019 all-ireland final and getting paged while I was in the Ilac Center, about to head to Croke Park. Thankfully someone covered for me, but talk about poxy timing.
speaking of timing, a few years back my brother rang me on a thursday or friday (i think a friday) and jokingly asked 'well, i bet you're having a shit day'. i didn't have a clue what he was talking about, i was standing on the side of a hill (at the carrowkeel passage tombs) and had not seen the news about wannacry. i was able to go about the rest of my holiday. if i'd not been on leave, that'd have been a fun weekend.
 

nuke terrorist

Well-Known Member
Supporter
Joined
Dec 21, 2004
Messages
2,839
Location
'north munster'

magicbastarder

turns out i know someone working on the incident, albeit on the fringes. nothing juicy that he's shared with me (not that i'd mention it here anyway)
 

thumped

chronic procrastinator
Staff member
Since 1999
Thread starter
Joined
Nov 14, 1999
Messages
57,399
Solutions
3
Location
iPanopticon
Website
thumped.com
What is that when it's translated out of nerd
- nothing in there to indicate how they got onto the network in the first place
- HSE has had the ransomware run, so files got encrypted & everything was then taken offline
- Dept Health found the intrusion and were able to prevent it running the actual ransomware stuff, but everything taken offline anyway as a precaution
 

magicbastarder

Cobalt Strike is essentially a security toolkit which can be used for testing your own network for vulnerabilities, but as is often the case with these tools, can be used for nefarious purposes. they used it as a means of getting their malware where they wanted it. but as pete mentioned, it doesn't explain (and they probably don't know) how it got in.
 

thumped

What’s funny is that the surname of the person responsible for Cobalt Strike (Raphael Mudge) is the same as the nickname of one of the l0pht guys. COINCIDENCE?
 
